BadgerDAO reportedly suffers security breach and loses $10M

The BadgerDAO decentralized finance protocol appears to have suffered from a cyber attack leading to the loss of a reported $10 million at the time of writing. 

The attack, which was made public at about 2 a.m. UTC on Dec. 2, targeted the protocol on the Ethereum network at contract address 0x1fcdb04d0c5364fbd92c73ca8af9baa72c269107. 

Users who have interacted with this contract are urged to revoke its permissions from their wallets.

To revoke a contract's permissions, visit etherscan.com and log in with a wallet you believe may be exposed. Although the attack happened only recently, permission for the contract may have been established weeks ago.
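
As an added example (not code from BadgerDAO or from this article), the sketch below shows what revoking a permission amounts to on-chain, assuming the approvals in question are standard ERC-20 allowances: it builds the `allowance(owner, spender)` query for the contract address named above and the `approve(spender, 0)` call that clears any non-zero allowance. The owner address, token addresses and node replies are constructed sample values.

```python
# Added example: assumes the approvals are standard ERC-20 allowances.
SPENDER = "0x1fcdb04d0c5364fbd92c73ca8af9baa72c269107"  # address reported in the article
ALLOWANCE_SEL = "dd62ed3e"  # selector of allowance(address,address)
APPROVE_SEL = "095ea7b3"    # selector of approve(address,uint256)

def _addr_word(addr):
    """ABI-encode a 20-byte address as a left-padded 32-byte hex word."""
    h = addr.lower()
    h = h[2:] if h.startswith("0x") else h
    if len(h) != 40 or any(c not in "0123456789abcdef" for c in h):
        raise ValueError("not a 20-byte hex address: %r" % addr)
    return h.rjust(64, "0")

def allowance_call(token, owner, spender=SPENDER, req_id=1):
    """JSON-RPC eth_call body asking `token` for allowance(owner, spender)."""
    data = "0x" + ALLOWANCE_SEL + _addr_word(owner) + _addr_word(spender)
    return {"jsonrpc": "2.0", "id": req_id, "method": "eth_call",
            "params": [{"to": token, "data": data}, "latest"]}

def decode_allowance(result_hex):
    """Decode the uint256 returned by allowance(); reject empty or short replies."""
    h = result_hex[2:] if result_hex.startswith("0x") else result_hex
    if len(h) != 64:
        raise ValueError("expected one 32-byte word, got %r" % result_hex)
    return int(h, 16)

def revoke_tx(token, owner, spender=SPENDER):
    """Unsigned transaction fields for approve(spender, 0), which clears the allowance."""
    data = "0x" + APPROVE_SEL + _addr_word(spender) + "0" * 64
    return {"from": owner, "to": token, "value": "0x0", "data": data}

def audit(owner, call_results, spender=SPENDER):
    """Map {token: eth_call result} to revoke transactions for non-zero allowances."""
    return [revoke_tx(token, owner, spender)
            for token, result in call_results.items()
            if decode_allowance(result) > 0]

# Constructed sample data (not real wallets, tokens or node replies).
OWNER = "0x" + "11" * 20
TOKEN_A = "0x" + "aa" * 20
TOKEN_B = "0x" + "bb" * 20
SAMPLE_RESULTS = {TOKEN_A: "0x" + "f" * 64,   # unlimited allowance still set
                  TOKEN_B: "0x" + "0" * 64}   # nothing approved

if __name__ == "__main__":
    for tx in audit(OWNER, SAMPLE_RESULTS):
        print("revoke needed on", tx["to"], "data:", tx["data"])
```

An empty `0x` reply from `eth_call` (for example, when the queried address is not a token contract) is rejected by `decode_allowance` rather than being read as a zero allowance.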

The total unconfirmed losses come to about $10.6 million.

The BadgerDAO team has not confirmed the exploit, but it issued a tweet at 4:30 a.m. UTC acknowledging that there have been reports of problems. All smart contracts on BadgerDAO have been paused in an effort to prevent any more potentially malicious withdrawals.

Early reports claim that some users received unusual spend requests from the smart contracts on the protocol. It is suspected that these requests were the attack in action through the front-end of the protocol.

Some have revised the value of suspected losses to upward of $100 million, with one user reportedly losing $90 million.


On Badger’s official Discord server, core contributor Tritium wrote, “It looks like a bunch of users had approvals set for the exploit address allowing it to operate on their vault funds and that was exploited.”

BADGER is down 15% to $22.71 at the time of writing on Coingecko.